spf-discuss

Re: Why Modified SPF is Working

2004-07-03 13:51:44
On Sat, 3 Jul 2004, David Burns wrote:

> On Sat, 03 Jul 2004 01:54:56 -0700, David Lawless
>> The results I've obtained with aggressively modified SPF have
>> been nothing short of amazing.  Really unbelievable.  Jaw
>
> I'm wondering if you had any tests or controls for false positives.
> Since you are using (and seem to be advocating) a very aggressive SPF
> implementation, that is going to be a much more telling measure of how
> good a filter this is.  (It's easy, of course, to block 100% of spam
> by blocking all incoming email -- but that's not a useful filter.)

SPF has never claimed to block spam.  It aims to block forged SMTP time
headers.  A perfect performance would block all mail with forged envelope from
domain, while not blocking any mail with an unforged envfrom domain.  Note that
unforged mail may be spam (a spammer with a registered domain and SPF
record), and forged mail may be "legit" (sent from some clueless
website in behalf of a 3rd party).  A spammer with a valid domain is
preferable to a spammer with a forged domain.  They are easier to ignore,
and easier to track down.

Furthermore, unlike content filters, SPF rejects mail before DATA, so
that the sender gets a bounce with an explanation as to why his mail was
rejected, rather than being silently trashed.

I have taken the semi-aggressive step of rejecting "neutral" results
from selected domains: 

reject_neutral = aol.com, yahoo.com, hotmail.com, arosii.com

with a default SPF record of "v=spf1 a/24 mx/24 ptr ?all" for domains
which don't publish.

To the best of my knowledge, there have been 0 false positives from
this strategy.  I check for false positives as follows:

o I monitor the logs for known email addresses in the above domains.  

o The mail is rejected, not ignored, so the sender gets a bounce with
  an explanation, and they can then email me again from their home ISP.

-- 
              Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
    Business Management Systems Inc.  Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.
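
The policy described in the message above, as an added example that is not part of the original post or of the poster's software: a fallback record for domains that publish none, plus rejection of "neutral" for the listed domains. The function names and the DNS data are constructed for illustration, and only the a, mx, ptr, ip4 and all mechanisms are evaluated.

```python
import ipaddress

# From the post: domains whose "neutral" results are rejected, and the
# record assumed for domains that publish no SPF record.
REJECT_NEUTRAL = {"aol.com", "yahoo.com", "hotmail.com", "arosii.com"}
DEFAULT_SPF = "v=spf1 a/24 mx/24 ptr ?all"
# Constructed DNS data (RFC 5737 documentation addresses), not real records.
DNS = {
    "txt": {"aol.com": "v=spf1 ip4:192.0.2.200/29 ?all"},
    "a": {"example.org": ["192.0.2.10"], "mail.example.org": ["198.51.100.25"],
          "out7.example.org": ["203.0.113.77"]},
    "mx": {"example.org": ["mail.example.org"]},
    "ptr": {"203.0.113.77": ["out7.example.org"]},
}
QUALIFIER = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def in_net(ip, addrs, prefix):
    ip = ipaddress.ip_address(ip)
    return any(ip in ipaddress.ip_network(f"{a}/{prefix}", strict=False) for a in addrs)

def check_spf(ip, domain):
    """Evaluate a/mx/ptr/ip4/all only; a subset of SPF, enough for these records."""
    record = DNS["txt"].get(domain, DEFAULT_SPF)  # fall back to the guessed record
    for term in record.split()[1:]:
        result = QUALIFIER.get(term[0], "pass")   # no qualifier means "+"
        mech, _, prefix = term.lstrip("+-~?").partition("/")
        name, _, arg = mech.partition(":")
        target, prefix = arg or domain, prefix or "32"
        hit = name == "all"
        if name == "ip4":
            hit = in_net(ip, [arg], prefix)
        elif name == "a":
            hit = in_net(ip, DNS["a"].get(target, []), prefix)
        elif name == "mx":
            hosts = DNS["mx"].get(target, [])
            hit = in_net(ip, [a for h in hosts for a in DNS["a"].get(h, [])], prefix)
        elif name == "ptr":  # reverse name must be in the domain and resolve back
            hit = any((n == target or n.endswith("." + target)) and ip in DNS["a"].get(n, [])
                      for n in DNS["ptr"].get(ip, []))
        if hit:
            return result
    return "neutral"

def smtp_decision(ip, mail_from):
    # Decided at MAIL FROM, before DATA. Rejecting "fail" is an assumption;
    # the post itself only states the rule for "neutral".
    domain = mail_from.rsplit("@", 1)[-1].lower()
    result = check_spf(ip, domain)
    reject = result == "fail" or (result == "neutral" and domain in REJECT_NEUTRAL)
    return result, "reject" if reject else "accept"
```

With this data, a neutral result for example.org is accepted while the same result for yahoo.com, which has no record here and so gets the fallback, is rejected.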

